Thursday, December 29, 2011

Tools of the trade

Let me be perfectly clear, I am not an expert in this field. While I’ve done a bit of Reverse Engineering (REing) for writing memory corruption exploit code, that was 10 years ago. I’m basically having to re-learn all the stuff I only somewhat knew back then. Obviously this is going to take a while, so if you already do this kind of work; you’ll most likely learn nothing new from me, so carry on nothing to see here. Again, the purpose of this blog is to record and keep track of everything I learn and hopefully someone, somewhere will learn something from it. Now, on to the real topic.

The majority of cheats require us to actually modify the way the game works. Whether it’s screwing with the DirectX rendering to make your enemies visible through walls, or writing a bot to act on changes in the environment. To do this we need to know a few things; how the game works, what rendering engine (although it should pretty much be DirectX only these days) is in use, which encryption/compression algorithms are being used etcetera. To know all of this, we need to be familiar with reverse engineering techniques and how to apply them.

The first step in reverse engineering is groking the assembly code of executables and their supporting DLLs. To do that, you will most likely end up using IDA Pro. Almost every game these days are still being compiled to x86 (32bit). I assume for support reasons 64 bit just hasn’t become the norm, but I’m not an expert in the gaming industry so I have no idea. This may or may not be important depending on which tools we use against the game. If some only support 32bit and we're messing with 64bit apps, you'll be shit out of luck. Also for modifying supporting files or patching the binary itself, you will want a decent hex editor, I personally prefer 010Editor as it has templates that will automatically parse various file types. You can download additional templates from here.

So we use IDA Pro and 010Editor for various REing activities, but those are for static analysis. We also are concerned with doing runtime analysis. For that we need a good debugger. Back when I was writing exploit code I used OllyDBG extensively. The interface was intuitive and it was just really easy to work with. These days, while a lot of people still use olly, it just doesn’t seem as powerful as WinDBG, so I figure now is a good time to learn that. Another important tool for game hacking is a decent API monitor. This will allow us to see and record what Win32APIs are being used by our target game. For that, there’s API Monitor and it is quite a helpful tool. It allows you to spy on the API by hooking various sets of function calls and recording their arguments and return values. I’ll explain process injection and hooking in later parts of this blog. And finally to inspect network traffic, we need a good packet capture tool, which of course is Wireshark. If you are following along, I hope that gives you an idea of what tools I'll be using.

Until next time…

Oh and of course I'll be using visual studio for any coding projects. So yeah there's that.